github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-03-31 16:52:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adjust quotes and re-generate workflows

Browse Source
This commit is contained in:
Michael B. Gale
2026-02-28 18:13:05 +00:00
parent 5876a93a5f
commit f91cab1409
39 changed files with 135 additions and 162 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.github/workflows/__all-platform-bundle.yml generated vendored
View File

@@ -52,8 +52,7 @@ defaults:
shell: bash
concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group:
all-platform-bundle-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}}
group: all-platform-bundle-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}}
jobs:
all-platform-bundle:
strategy:
@@ -95,7 +94,7 @@ jobs:
- id: init
uses: ./../action/init
with:
# Swift is not supported on Ubuntu so we manually exclude it from the list here
# Swift is not supported on Ubuntu so we manually exclude it from the list here
languages: cpp,csharp,go,java,javascript,python,ruby
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Build code

12
.github/workflows/__analysis-kinds.yml generated vendored
View File

@@ -87,16 +87,16 @@ jobs:
tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
output: '${{ runner.temp }}/results'
upload-database: false
post-processed-sarif-path: ${{ runner.temp }}/post-processed
post-processed-sarif-path: '${{ runner.temp }}/post-processed'
- name: Upload SARIF files
uses: actions/upload-artifact@v6
with:
name: |
analysis-kinds-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}
path: ${{ runner.temp }}/results/*.sarif
path: '${{ runner.temp }}/results/*.sarif'
retention-days: 7
- name: Upload post-processed SARIF
@@ -104,7 +104,7 @@ jobs:
with:
name: |
post-processed-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}
path: ${{ runner.temp }}/post-processed
path: '${{ runner.temp }}/post-processed'
retention-days: 7
if-no-files-found: error
@@ -112,7 +112,7 @@ jobs:
if: contains(matrix.analysis-kinds, 'code-scanning')
uses: actions/github-script@v8
env:
SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
SARIF_PATH: '${{ runner.temp }}/results/javascript.sarif'
EXPECT_PRESENT: 'false'
with:
script: ${{ env.CHECK_SCRIPT }}
@@ -120,7 +120,7 @@ jobs:
if: contains(matrix.analysis-kinds, 'code-quality')
uses: actions/github-script@v8
env:
SARIF_PATH: ${{ runner.temp }}/results/javascript.quality.sarif
SARIF_PATH: '${{ runner.temp }}/results/javascript.quality.sarif'
EXPECT_PRESENT: 'true'
with:
script: ${{ env.CHECK_SCRIPT }}

10
.github/workflows/__analyze-ref-input.yml generated vendored
View File

@@ -62,8 +62,7 @@ defaults:
shell: bash
concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group:
analyze-ref-input-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}}
group: analyze-ref-input-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}}
jobs:
analyze-ref-input:
strategy:
@@ -107,13 +106,12 @@ jobs:
with:
tools: ${{ steps.prepare-test.outputs.tools-url }}
languages: cpp,csharp,java,javascript,python
config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{
github.sha }}
config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }}
- name: Build code
run: ./build.sh
- uses: ./../action/analyze
with:
ref: refs/heads/main
sha: 5e235361806c361d4d3f8859e3c897658025a9a2
ref: 'refs/heads/main'
sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
env:
CODEQL_ACTION_TEST_MODE: true

2
.github/workflows/__autobuild-action.yml generated vendored
View File

@@ -82,7 +82,7 @@ jobs:
tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/autobuild
env:
# Explicitly disable the CLR tracer.
# Explicitly disable the CLR tracer.
COR_ENABLE_PROFILING: ''
COR_PROFILER: ''
COR_PROFILER_PATH_64: ''

3
.github/workflows/__autobuild-direct-tracing-with-working-dir.yml generated vendored
View File

@@ -42,8 +42,7 @@ defaults:
shell: bash
concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group:
autobuild-direct-tracing-with-working-dir-${{github.ref}}-${{inputs.java-version}}
group: autobuild-direct-tracing-with-working-dir-${{github.ref}}-${{inputs.java-version}}
jobs:
autobuild-direct-tracing-with-working-dir:
strategy:

2
.github/workflows/__build-mode-autobuild.yml generated vendored
View File

@@ -97,7 +97,7 @@ jobs:
id: init
with:
build-mode: autobuild
db-location: ${{ runner.temp }}/customDbLocation
db-location: '${{ runner.temp }}/customDbLocation'
languages: java
tools: ${{ steps.prepare-test.outputs.tools-url }}

5
.github/workflows/__build-mode-manual.yml generated vendored
View File

@@ -52,8 +52,7 @@ defaults:
shell: bash
concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group:
build-mode-manual-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}}
group: build-mode-manual-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}}
jobs:
build-mode-manual:
strategy:
@@ -92,7 +91,7 @@ jobs:
id: init
with:
build-mode: manual
db-location: ${{ runner.temp }}/customDbLocation
db-location: '${{ runner.temp }}/customDbLocation'
languages: java
tools: ${{ steps.prepare-test.outputs.tools-url }}

4
.github/workflows/__build-mode-none.yml generated vendored
View File

@@ -64,7 +64,7 @@ jobs:
id: init
with:
build-mode: none
db-location: ${{ runner.temp }}/customDbLocation
db-location: '${{ runner.temp }}/customDbLocation'
languages: java
tools: ${{ steps.prepare-test.outputs.tools-url }}
@@ -77,7 +77,7 @@ jobs:
exit 1
fi
# The latest nightly supports omitting the autobuild Action when the build mode is specified.
# The latest nightly supports omitting the autobuild Action when the build mode is specified.
- uses: ./../action/autobuild
if: matrix.version != 'nightly-latest'

2
.github/workflows/__build-mode-rollback.yml generated vendored
View File

@@ -68,7 +68,7 @@ jobs:
id: init
with:
build-mode: none
db-location: ${{ runner.temp }}/customDbLocation
db-location: '${{ runner.temp }}/customDbLocation'
languages: java
tools: ${{ steps.prepare-test.outputs.tools-url }}

2
.github/workflows/__bundle-from-nightly.yml generated vendored
View File

@@ -66,7 +66,7 @@ jobs:
tools: ${{ steps.prepare-test.outputs.tools-url }}
languages: javascript
- name: Fail if the CodeQL version is not a nightly
if: "!contains(steps.init.outputs.codeql-version, '+')"
if: ${{ !contains(steps.init.outputs.codeql-version, '+') }}
run: exit 1
env:
CODEQL_ACTION_TEST_MODE: true

2
.github/workflows/__cleanup-db-cluster-dir.yml generated vendored
View File

@@ -67,7 +67,7 @@ jobs:
id: init
with:
build-mode: none
db-location: ${{ runner.temp }}/customDbLocation
db-location: '${{ runner.temp }}/customDbLocation'
languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }}

6
.github/workflows/__config-export.yml generated vendored
View File

@@ -67,18 +67,18 @@ jobs:
tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
output: '${{ runner.temp }}/results'
upload-database: false
- name: Upload SARIF
uses: actions/upload-artifact@v6
with:
name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
path: ${{ runner.temp }}/results/javascript.sarif
path: '${{ runner.temp }}/results/javascript.sarif'
retention-days: 7
- name: Check config properties appear in SARIF
uses: actions/github-script@v8
env:
SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
SARIF_PATH: '${{ runner.temp }}/results/javascript.sarif'
with:
script: |
const fs = require('fs');

6
.github/workflows/__diagnostics-export.yml generated vendored
View File

@@ -78,18 +78,18 @@ jobs:
--ready-for-status-page
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
output: '${{ runner.temp }}/results'
upload-database: false
- name: Upload SARIF
uses: actions/upload-artifact@v6
with:
name: diagnostics-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
path: ${{ runner.temp }}/results/javascript.sarif
path: '${{ runner.temp }}/results/javascript.sarif'
retention-days: 7
- name: Check diagnostics appear in SARIF
uses: actions/github-script@v8
env:
SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
SARIF_PATH: '${{ runner.temp }}/results/javascript.sarif'
with:
script: |
const fs = require('fs');

7
.github/workflows/__export-file-baseline-information.yml generated vendored
View File

@@ -52,8 +52,7 @@ defaults:
shell: bash
concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group:
export-file-baseline-information-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}}
group: export-file-baseline-information-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}}
jobs:
export-file-baseline-information:
strategy:
@@ -101,12 +100,12 @@ jobs:
run: ./build.sh
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
output: '${{ runner.temp }}/results'
- name: Upload SARIF
uses: actions/upload-artifact@v6
with:
name: with-baseline-information-${{ matrix.os }}-${{ matrix.version }}.sarif.json
path: ${{ runner.temp }}/results/javascript.sarif
path: '${{ runner.temp }}/results/javascript.sarif'
retention-days: 7
- name: Check results
run: |

3
.github/workflows/__go-custom-queries.yml generated vendored
View File

@@ -52,8 +52,7 @@ defaults:
shell: bash
concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group:
go-custom-queries-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}}
group: go-custom-queries-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}}
jobs:
go-custom-queries:
strategy:

6
.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml generated vendored
View File

@@ -77,7 +77,7 @@ jobs:
with:
languages: go
tools: ${{ steps.prepare-test.outputs.tools-url }}
# Deliberately change Go after the `init` step
# Deliberately change Go after the `init` step
- uses: actions/setup-go@v6
with:
go-version: '1.20'
@@ -85,12 +85,12 @@ jobs:
run: go build main.go
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
output: '${{ runner.temp }}/results'
upload-database: false
- name: Check diagnostic appears in SARIF
uses: actions/github-script@v8
env:
SARIF_PATH: ${{ runner.temp }}/results/go.sarif
SARIF_PATH: '${{ runner.temp }}/results/go.sarif'
with:
script: |
const fs = require('fs');

7
.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml generated vendored
View File

@@ -42,8 +42,7 @@ defaults:
shell: bash
concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group:
go-indirect-tracing-workaround-no-file-program-${{github.ref}}-${{inputs.go-version}}
group: go-indirect-tracing-workaround-no-file-program-${{github.ref}}-${{inputs.go-version}}
jobs:
go-indirect-tracing-workaround-no-file-program:
strategy:
@@ -87,12 +86,12 @@ jobs:
run: go build main.go
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
output: '${{ runner.temp }}/results'
upload-database: false
- name: Check diagnostic appears in SARIF
uses: actions/github-script@v8
env:
SARIF_PATH: ${{ runner.temp }}/results/go.sarif
SARIF_PATH: '${{ runner.temp }}/results/go.sarif'
with:
script: |
const fs = require('fs');

3
.github/workflows/__init-with-registries.yml generated vendored
View File

@@ -50,7 +50,6 @@ jobs:
permissions:
contents: read
packages: read
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
@@ -66,7 +65,7 @@ jobs:
- name: Init with registries
uses: ./../action/init
with:
db-location: ${{ runner.temp }}/customDbLocation
db-location: '${{ runner.temp }}/customDbLocation'
tools: ${{ steps.prepare-test.outputs.tools-url }}
config-file: ./.github/codeql/codeql-config-registries.yml
languages: javascript

4
.github/workflows/__job-run-uuid-sarif.yml generated vendored
View File

@@ -65,12 +65,12 @@ jobs:
tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
output: '${{ runner.temp }}/results'
- name: Upload SARIF
uses: actions/upload-artifact@v6
with:
name: ${{ matrix.os }}-${{ matrix.version }}.sarif.json
path: ${{ runner.temp }}/results/javascript.sarif
path: '${{ runner.temp }}/results/javascript.sarif'
retention-days: 7
- name: Check results
run: |

2
.github/workflows/__language-aliases.yml generated vendored
View File

@@ -63,7 +63,7 @@ jobs:
languages: C#,java-kotlin,swift,typescript
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Check languages
- name: 'Check languages'
run: |
expected_languages="csharp,java,swift,javascript"
actual_languages=$(jq -r '.languages | join(",")' "$RUNNER_TEMP"/config)

5
.github/workflows/__local-bundle.yml generated vendored
View File

@@ -62,8 +62,7 @@ defaults:
shell: bash
concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group:
local-bundle-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}}
group: local-bundle-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}}
jobs:
local-bundle:
strategy:
@@ -109,7 +108,7 @@ jobs:
- id: init
uses: ./../action/init
with:
# Swift is not supported on Ubuntu so we manually exclude it from the list here
# Swift is not supported on Ubuntu so we manually exclude it from the list here
languages: cpp,csharp,go,java,javascript,python,ruby
tools: ./codeql-bundle-linux64.tar.zst
- name: Build code

8
.github/workflows/__multi-language-autodetect.yml generated vendored
View File

@@ -62,8 +62,7 @@ defaults:
shell: bash
concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group:
multi-language-autodetect-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}}
group: multi-language-autodetect-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}}
jobs:
multi-language-autodetect:
strategy:
@@ -144,9 +143,8 @@ jobs:
- uses: ./../action/init
id: init
with:
db-location: ${{ runner.temp }}/customDbLocation
languages: ${{ runner.os == 'Linux' && 'cpp,csharp,go,java,javascript,python,ruby'
|| '' }}
db-location: '${{ runner.temp }}/customDbLocation'
languages: ${{ runner.os == 'Linux' && 'cpp,csharp,go,java,javascript,python,ruby' || '' }}
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Build code

10
.github/workflows/__packaging-codescanning-config-inputs-js.yml generated vendored
View File

@@ -62,8 +62,7 @@ defaults:
shell: bash
concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group:
packaging-codescanning-config-inputs-js-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}}
group: packaging-codescanning-config-inputs-js-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}}
jobs:
packaging-codescanning-config-inputs-js:
strategy:
@@ -116,7 +115,7 @@ jobs:
dotnet-version: ${{ inputs.dotnet-version || '9.x' }}
- uses: ./../action/init
with:
config-file: .github/codeql/codeql-config-packaging3.yml
config-file: '.github/codeql/codeql-config-packaging3.yml'
packs: +codeql-testing/codeql-pack1@1.0.0
languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }}
@@ -124,15 +123,14 @@ jobs:
run: ./build.sh
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
output: '${{ runner.temp }}/results'
upload-database: false
- name: Check results
uses: ./../action/.github/actions/check-sarif
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run:
javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
queries-not-run: foo,bar
- name: Assert Results

10
.github/workflows/__packaging-config-inputs-js.yml generated vendored
View File

@@ -52,8 +52,7 @@ defaults:
shell: bash
concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group:
packaging-config-inputs-js-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}}
group: packaging-config-inputs-js-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}}
jobs:
packaging-config-inputs-js:
strategy:
@@ -101,7 +100,7 @@ jobs:
dotnet-version: ${{ inputs.dotnet-version || '9.x' }}
- uses: ./../action/init
with:
config-file: .github/codeql/codeql-config-packaging3.yml
config-file: '.github/codeql/codeql-config-packaging3.yml'
packs: +codeql-testing/codeql-pack1@1.0.0
languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }}
@@ -109,15 +108,14 @@ jobs:
run: ./build.sh
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
output: '${{ runner.temp }}/results'
upload-database: false
- name: Check results
uses: ./../action/.github/actions/check-sarif
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run:
javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
queries-not-run: foo,bar
- name: Assert Results

10
.github/workflows/__packaging-config-js.yml generated vendored
View File

@@ -52,8 +52,7 @@ defaults:
shell: bash
concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group:
packaging-config-js-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}}
group: packaging-config-js-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}}
jobs:
packaging-config-js:
strategy:
@@ -101,22 +100,21 @@ jobs:
dotnet-version: ${{ inputs.dotnet-version || '9.x' }}
- uses: ./../action/init
with:
config-file: .github/codeql/codeql-config-packaging.yml
config-file: '.github/codeql/codeql-config-packaging.yml'
languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Build code
run: ./build.sh
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
output: '${{ runner.temp }}/results'
upload-database: false
- name: Check results
uses: ./../action/.github/actions/check-sarif
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run:
javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
queries-not-run: foo,bar
- name: Assert Results

10
.github/workflows/__packaging-inputs-js.yml generated vendored
View File

@@ -52,8 +52,7 @@ defaults:
shell: bash
concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group:
packaging-inputs-js-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}}
group: packaging-inputs-js-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}}
jobs:
packaging-inputs-js:
strategy:
@@ -101,7 +100,7 @@ jobs:
dotnet-version: ${{ inputs.dotnet-version || '9.x' }}
- uses: ./../action/init
with:
config-file: .github/codeql/codeql-config-packaging2.yml
config-file: '.github/codeql/codeql-config-packaging2.yml'
languages: javascript
packs: codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2, codeql-testing/codeql-pack3:other-query.ql
tools: ${{ steps.prepare-test.outputs.tools-url }}
@@ -109,14 +108,13 @@ jobs:
run: ./build.sh
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
output: '${{ runner.temp }}/results'
- name: Check results
uses: ./../action/.github/actions/check-sarif
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run:
javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
queries-not-run: foo,bar
- name: Assert Results

6
.github/workflows/__remote-config.yml generated vendored
View File

@@ -62,8 +62,7 @@ defaults:
shell: bash
concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group:
remote-config-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}}
group: remote-config-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}}
jobs:
remote-config:
strategy:
@@ -109,8 +108,7 @@ jobs:
with:
tools: ${{ steps.prepare-test.outputs.tools-url }}
languages: cpp,csharp,java,javascript,python
config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{
github.sha }}
config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }}
- name: Build code
run: ./build.sh
- uses: ./../action/analyze

3
.github/workflows/__resolve-environment-action.yml generated vendored
View File

@@ -84,8 +84,7 @@ jobs:
language: javascript-typescript
- name: Fail if JavaScript/TypeScript configuration present
if:
fromJSON(steps.resolve-environment-js.outputs.environment).configuration.javascript
if: fromJSON(steps.resolve-environment-js.outputs.environment).configuration.javascript
run: exit 1
env:
CODEQL_ACTION_TEST_MODE: true

6
.github/workflows/__split-workflow.yml generated vendored
View File

@@ -99,7 +99,7 @@ jobs:
dotnet-version: ${{ inputs.dotnet-version || '9.x' }}
- uses: ./../action/init
with:
config-file: .github/codeql/codeql-config-packaging3.yml
config-file: '.github/codeql/codeql-config-packaging3.yml'
packs: +codeql-testing/codeql-pack1@1.0.0
languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }}
@@ -108,7 +108,7 @@ jobs:
- uses: ./../action/analyze
with:
skip-queries: true
output: ${{ runner.temp }}/results
output: '${{ runner.temp }}/results'
upload-database: false
- name: Assert No Results
@@ -119,7 +119,7 @@ jobs:
fi
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
output: '${{ runner.temp }}/results'
upload-database: false
- name: Assert Results
run: |

6
.github/workflows/__start-proxy.yml generated vendored
View File

@@ -71,8 +71,7 @@ jobs:
id: proxy
uses: ./../action/start-proxy
with:
registry_secrets: '[{ "type": "nuget_feed", "url": "https://api.nuget.org/v3/index.json"
}]'
registry_secrets: '[{ "type": "nuget_feed", "url": "https://api.nuget.org/v3/index.json" }]'
- name: Print proxy outputs
run: |
@@ -81,8 +80,7 @@ jobs:
echo "${{ steps.proxy.outputs.proxy_urls }}"
- name: Fail if proxy outputs are not set
if: (!steps.proxy.outputs.proxy_host) || (!steps.proxy.outputs.proxy_port)
|| (!steps.proxy.outputs.proxy_ca_certificate) || (!steps.proxy.outputs.proxy_urls)
if: (!steps.proxy.outputs.proxy_host) || (!steps.proxy.outputs.proxy_port) || (!steps.proxy.outputs.proxy_ca_certificate) || (!steps.proxy.outputs.proxy_urls)
run: exit 1
env:
CODEQL_ACTION_TEST_MODE: true

23
.github/workflows/__submit-sarif-failure.yml generated vendored
View File

@@ -49,8 +49,7 @@ jobs:
if: github.triggering_actor != 'dependabot[bot]'
permissions:
contents: read
security-events: write # needed to upload the SARIF file
security-events: write
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
@@ -69,26 +68,20 @@ jobs:
languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Fail
# We want this job to pass if the Action correctly uploads the SARIF file for
# the failed run.
# Setting this step to continue on error means that it is marked as completing
# successfully, so will not fail the job.
# We want this job to pass if the Action correctly uploads the SARIF file for
# the failed run.
# Setting this step to continue on error means that it is marked as completing
# successfully, so will not fail the job.
continue-on-error: true
run: exit 1
- uses: ./analyze
# In a real workflow, this step wouldn't run. Since we used `continue-on-error`
# above, we manually disable it with an `if` condition.
# In a real workflow, this step wouldn't run. Since we used `continue-on-error`
# above, we manually disable it with an `if` condition.
if: false
with:
category: /test-codeql-version:${{ matrix.version }}
category: '/test-codeql-version:${{ matrix.version }}'
env:
# Internal-only environment variable used to indicate that the post-init Action
# should expect to upload a SARIF file for the failed run.
CODEQL_ACTION_EXPECT_UPLOAD_FAILED_SARIF: true
# Make sure the uploading SARIF files feature is enabled.
CODEQL_ACTION_UPLOAD_FAILED_SARIF: true
# Upload the failed SARIF file as an integration test of the API endpoint.
CODEQL_ACTION_TEST_MODE: false
# Mark telemetry for this workflow so it can be treated separately.
CODEQL_ACTION_TESTING_ENVIRONMENT: codeql-action-pr-checks

3
.github/workflows/__swift-custom-build.yml generated vendored
View File

@@ -52,8 +52,7 @@ defaults:
shell: bash
concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group:
swift-custom-build-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}}
group: swift-custom-build-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}}
jobs:
swift-custom-build:
strategy:

5
.github/workflows/__unset-environment.yml generated vendored
View File

@@ -62,8 +62,7 @@ defaults:
shell: bash
concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group:
unset-environment-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}}
group: unset-environment-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}}
jobs:
unset-environment:
strategy:
@@ -109,7 +108,7 @@ jobs:
id: init
with:
db-location: ${{ runner.temp }}/customDbLocation
# Swift is not supported on Ubuntu so we manually exclude it from the list here
# Swift is not supported on Ubuntu so we manually exclude it from the list here
languages: cpp,csharp,go,java,javascript,python,ruby
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Build code

16
.github/workflows/__upload-ref-sha-input.yml generated vendored
View File

@@ -62,8 +62,7 @@ defaults:
shell: bash
concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group:
upload-ref-sha-input-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}}
group: upload-ref-sha-input-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}}
jobs:
upload-ref-sha-input:
strategy:
@@ -107,19 +106,18 @@ jobs:
with:
tools: ${{ steps.prepare-test.outputs.tools-url }}
languages: cpp,csharp,java,javascript,python
config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{
github.sha }}
config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }}
- name: Build code
run: ./build.sh
# Generate some SARIF we can upload with the upload-sarif step
# Generate some SARIF we can upload with the upload-sarif step
- uses: ./../action/analyze
with:
ref: refs/heads/main
sha: 5e235361806c361d4d3f8859e3c897658025a9a2
ref: 'refs/heads/main'
sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
upload: never
- uses: ./../action/upload-sarif
with:
ref: refs/heads/main
sha: 5e235361806c361d4d3f8859e3c897658025a9a2
ref: 'refs/heads/main'
sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
env:
CODEQL_ACTION_TEST_MODE: true

41
.github/workflows/__upload-sarif.yml generated vendored
View File

@@ -62,8 +62,7 @@ defaults:
shell: bash
concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group:
upload-sarif-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}}
group: upload-sarif-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}}
jobs:
upload-sarif:
strategy:
@@ -117,11 +116,11 @@ jobs:
analysis-kinds: ${{ matrix.analysis-kinds }}
- name: Build code
run: ./build.sh
# Generate some SARIF we can upload with the upload-sarif step
# Generate some SARIF we can upload with the upload-sarif step
- uses: ./../action/analyze
with:
ref: refs/heads/main
sha: 5e235361806c361d4d3f8859e3c897658025a9a2
ref: 'refs/heads/main'
sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
upload: never
output: ${{ runner.temp }}/results
@@ -130,15 +129,15 @@ jobs:
uses: ./../action/upload-sarif
id: upload-sarif
with:
ref: refs/heads/main
sha: 5e235361806c361d4d3f8859e3c897658025a9a2
ref: 'refs/heads/main'
sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
sarif_file: ${{ runner.temp }}/results
category: |
${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:all-files/
- name: Fail for missing output from `upload-sarif` step for `code-scanning`
- name: 'Fail for missing output from `upload-sarif` step for `code-scanning`'
if: contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-scanning)
run: exit 1
- name: Fail for missing output from `upload-sarif` step for `code-quality`
- name: 'Fail for missing output from `upload-sarif` step for `code-quality`'
if: contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-quality)
run: exit 1
@@ -147,28 +146,26 @@ jobs:
id: upload-single-sarif-code-scanning
if: contains(matrix.analysis-kinds, 'code-scanning')
with:
ref: refs/heads/main
sha: 5e235361806c361d4d3f8859e3c897658025a9a2
ref: 'refs/heads/main'
sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
sarif_file: ${{ runner.temp }}/results/javascript.sarif
category: |
${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-scanning/
- name: Fail for missing output from `upload-single-sarif-code-scanning` step
if: contains(matrix.analysis-kinds, 'code-scanning') &&
!(fromJSON(steps.upload-single-sarif-code-scanning.outputs.sarif-ids).code-scanning)
- name: 'Fail for missing output from `upload-single-sarif-code-scanning` step'
if: contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-sarif-code-scanning.outputs.sarif-ids).code-scanning)
run: exit 1
- name: Upload single SARIF file for Code Quality
uses: ./../action/upload-sarif
id: upload-single-sarif-code-quality
if: contains(matrix.analysis-kinds, 'code-quality')
with:
ref: refs/heads/main
sha: 5e235361806c361d4d3f8859e3c897658025a9a2
ref: 'refs/heads/main'
sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
sarif_file: ${{ runner.temp }}/results/javascript.quality.sarif
category: |
${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-quality/
- name: Fail for missing output from `upload-single-sarif-code-quality` step
if: contains(matrix.analysis-kinds, 'code-quality') &&
!(fromJSON(steps.upload-single-sarif-code-quality.outputs.sarif-ids).code-quality)
- name: 'Fail for missing output from `upload-single-sarif-code-quality` step'
if: contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-single-sarif-code-quality.outputs.sarif-ids).code-quality)
run: exit 1
- name: Change SARIF file extension
@@ -179,12 +176,12 @@ jobs:
id: upload-single-non-sarif
if: contains(matrix.analysis-kinds, 'code-scanning')
with:
ref: refs/heads/main
sha: 5e235361806c361d4d3f8859e3c897658025a9a2
ref: 'refs/heads/main'
sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
sarif_file: ${{ runner.temp }}/results/javascript.sarif.json
category: |
${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:non-sarif/
- name: Fail for missing output from `upload-single-non-sarif` step
- name: 'Fail for missing output from `upload-single-non-sarif` step'
if: contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-non-sarif.outputs.sarif-ids).code-scanning)
run: exit 1
env:

10
.github/workflows/__with-checkout-path.yml generated vendored
View File

@@ -62,8 +62,7 @@ defaults:
shell: bash
concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group:
with-checkout-path-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}}
group: with-checkout-path-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}}
jobs:
with-checkout-path:
strategy:
@@ -80,6 +79,7 @@ jobs:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
# This ensures we don't accidentally use the original checkout for any part of the test.
- name: Check out repository
uses: actions/checkout@v6
- name: Prepare test
@@ -109,8 +109,8 @@ jobs:
# Actions does not support deleting the current working directory, so we
# delete the contents of the directory instead.
rm -rf ./* .github .git
# Check out the actions repo again, but at a different location.
# choose an arbitrary SHA so that we can later test that the commit_oid is not from main
# Check out the actions repo again, but at a different location.
# choose an arbitrary SHA so that we can later test that the commit_oid is not from main
- uses: actions/checkout@v6
with:
ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
@@ -119,7 +119,7 @@ jobs:
- uses: ./../action/init
with:
tools: ${{ steps.prepare-test.outputs.tools-url }}
# it's enough to test one compiled language and one interpreted language
# it's enough to test one compiled language and one interpreted language
languages: csharp,javascript
source-root: x/y/z/some-path/tests/multi-language-repo

2
pr-checks/checks/bundle-from-nightly.yml
View File

@@ -11,5 +11,5 @@ steps:
tools: ${{ steps.prepare-test.outputs.tools-url }}
languages: javascript
- name: Fail if the CodeQL version is not a nightly
if: "!contains(steps.init.outputs.codeql-version, '+')"
if: ${{ !contains(steps.init.outputs.codeql-version, '+') }}
run: exit 1

18
pr-checks/checks/upload-sarif.yml
View File

@@ -32,16 +32,16 @@ steps:
category: |
${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:all-files/
- name: "Fail for missing output from `upload-sarif` step for `code-scanning`"
if: "contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-scanning)"
if: contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-scanning)
run: exit 1
- name: "Fail for missing output from `upload-sarif` step for `code-quality`"
if: "contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-quality)"
if: contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-quality)
run: exit 1
- name: Upload single SARIF file for Code Scanning
uses: ./../action/upload-sarif
id: upload-single-sarif-code-scanning
if: "contains(matrix.analysis-kinds, 'code-scanning')"
if: contains(matrix.analysis-kinds, 'code-scanning')
with:
ref: 'refs/heads/main'
sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
@@ -49,12 +49,12 @@ steps:
category: |
${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-scanning/
- name: "Fail for missing output from `upload-single-sarif-code-scanning` step"
if: "contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-sarif-code-scanning.outputs.sarif-ids).code-scanning)"
if: contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-sarif-code-scanning.outputs.sarif-ids).code-scanning)
run: exit 1
- name: Upload single SARIF file for Code Quality
uses: ./../action/upload-sarif
id: upload-single-sarif-code-quality
if: "contains(matrix.analysis-kinds, 'code-quality')"
if: contains(matrix.analysis-kinds, 'code-quality')
with:
ref: 'refs/heads/main'
sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
@@ -62,16 +62,16 @@ steps:
category: |
${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-quality/
- name: "Fail for missing output from `upload-single-sarif-code-quality` step"
if: "contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-single-sarif-code-quality.outputs.sarif-ids).code-quality)"
if: contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-single-sarif-code-quality.outputs.sarif-ids).code-quality)
run: exit 1
- name: Change SARIF file extension
if: "contains(matrix.analysis-kinds, 'code-scanning')"
if: contains(matrix.analysis-kinds, 'code-scanning')
run: mv ${{ runner.temp }}/results/javascript.sarif ${{ runner.temp }}/results/javascript.sarif.json
- name: Upload single non-`.sarif` file
uses: ./../action/upload-sarif
id: upload-single-non-sarif
if: "contains(matrix.analysis-kinds, 'code-scanning')"
if: contains(matrix.analysis-kinds, 'code-scanning')
with:
ref: 'refs/heads/main'
sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
@@ -79,5 +79,5 @@ steps:
category: |
${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:non-sarif/
- name: "Fail for missing output from `upload-single-non-sarif` step"
if: "contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-non-sarif.outputs.sarif-ids).code-scanning)"
if: contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-non-sarif.outputs.sarif-ids).code-scanning)
run: exit 1

12
pr-checks/sync.ts
View File

@@ -365,6 +365,18 @@ function main(): void {
// Extract the sequence of steps from the YAML document to persist as much formatting as possible.
const specSteps = specDocument.get("steps") as yaml.YAMLSeq;
// A handful of workflow specifications use double quotes for values, while we generally use single quotes.
// This replaces double quotes with single quotes for consistency.
yaml.visit(specSteps, {
Scalar(_key, node) {
if (node.type === "QUOTE_DOUBLE") {
node.type = "QUOTE_SINGLE";
}
}
});
// Add the generated steps in front of the ones from the specification.
specSteps.items.unshift(...steps);
const checkJob: Record<string, any> = {